home

mediapluginsetup.exe

Game Play Labs

This is the installer application for a 50onRed advertising supported software package (displays ads in the browser and may hijack the home and search pages of the web browser). The application mediapluginsetup.exe by Game Play Labs has been detected as adware by 28 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.
Publisher:
Game Play Labs  (signed and verified)

MD5:
8e5506e8dbfb59f986608853e3f598de

SHA-1:
95e349933ffe0b9a2060af1b6e08ee6b4b2f1ab9

SHA-256:
8a1a8568ac86b4cf9801a3b0a121f701afca18131c5677d30fc86989a7dedad1

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/25/2024 9:11:00 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Adware.GamePlayLabs
7.1.1

AhnLab V3 Security
Adware/Win32.GamePlayLabs
2012.10.13

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.46.4

avast!
Win32:Adware-gen [Adw]
2014.9-141020

AVG
BHO.C
2015.0.3315

Bitdefender
Adware.Generic.168685
1.0.20.1465

Comodo Security
UnclassifiedMalware
13842

Dr.Web
Adware.GamePlayLabs.2
9.0.1.0293

Emsisoft Anti-Malware
Riskware.AdWare.Win32.GPL!IK
8.14.10.20.02

ESET NOD32
Win32/Adware.GamePlayLabs (variant)
8.7579

Fortinet FortiGate
Adware/GamePlayLabs
10/20/2014

F-Prot
W32/GamePlay.A
v6.4.6.5.141

F-Secure
Adware.Generic.168685
11.2014-20-10_2

G Data
Adware.Generic.168685
14.10.22

IKARUS anti.virus
not-a-virus:AdWare.Win32.GPL
t3scan.1.1.122.0

K7 AntiVirus
Adware
13.153.7727

Kaspersky
not-a-virus:AdWare.Win32.GamePlayLabs
14.0.0.3072

McAfee
GamePlayLabs
5600.6971

Microsoft Security Essentials
Adware:Win32/GamePlayLabs
1.163.1557.0

MicroWorld eScan
Adware.Generic.168685
15.0.0.879

Panda Antivirus
Trj/CI.A
14.10.20.02

Reason Heuristics
PUP.Installer.GamePlayLabs.Q
14.10.20.13

Sophos
Game Play Labs
4.81

SUPERAntiSpyware
Adware.GamePlayLabs
10288

Trend Micro House Call
TROJ_GEN.F47V1012
7.2.293

Trend Micro
TROJ_GEN.RCBOCHS
10.465.20

Vba32 AntiVirus
Adware.GamePlayLabs
3.12.18.2

VIPRE Antivirus
GamePlayLabs
13498

File size:
862 KB (882,696 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\old\???\mediapluginsetup.exe

Digital Signature
Signed by:
Game Play Labs

Authority:
VeriSign, Inc.

Valid from:
11/4/2010 2:00:00 AM

Valid to:
11/5/2011 1:59:59 AM

Subject:
CN=Game Play Labs, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Game Play Labs, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6ACCE23BF8176B4E2BFCFFAB8FB3BB19

File PE Metadata
Compilation timestamp:
3/15/2010 8:27:50 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:futrzh9xOXk9UO4aFsgXRbW2xOeSuMLO1EguxrZEr5rmDaNkMFGF760F/AmpHBDT:futr5OUK/IbdMaEql6Sk9Os/NpH9bhQ4

Entry address:
0xA7B1

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, BE, 2B, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, D0, A7, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, AF, AC, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 40, 22, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 44, 22, 41, 00, 8D, 45, E4...
 
[+]

Entropy:
7.7578  (probably packed)

Code size:
66 KB (67,584 bytes)

Remove mediapluginsetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.